< Return to Video

Simplifying Zero Trust for User-Based Security

  • 0:00 - 0:02
    hello everyone and welcome to the
  • 0:02 - 0:04
    security speakeasy show
  • 0:04 - 0:07
    where we talk about network security and
  • 0:07 - 0:07
    today
  • 0:07 - 0:09
    we're going to cover a topic that's of
  • 0:09 - 0:10
    interest to a lot of security
  • 0:10 - 0:11
    professionals
  • 0:11 - 0:14
    around the world we will talk about zero
  • 0:14 - 0:15
    trust
  • 0:15 - 0:17
    and what palo alto networks offers to
  • 0:17 - 0:20
    address zero trust for identity
  • 0:20 - 0:21
    and we have the right person to talk
  • 0:21 - 0:30
    about on this topic
  • 0:30 - 0:35
    [Music]
  • 0:35 - 0:37
    my name is niyakumar and i'm the senior
  • 0:37 - 0:38
    product marketing manager
  • 0:38 - 0:41
    at palo alto networks and joining me
  • 0:41 - 0:43
    today is brian levin
  • 0:43 - 0:45
    who's a product line manager for
  • 0:45 - 0:47
    identity and access and is responsible
  • 0:47 - 0:49
    for cloud identity products and
  • 0:49 - 0:50
    initiatives
  • 0:50 - 0:54
    brian welcome to the show now everyone
  • 0:54 - 0:55
    in the industry and the media has been
  • 0:55 - 0:57
    talking about zero trust
  • 0:57 - 0:59
    can you tell us what exactly is your
  • 0:59 - 1:01
    trust and why are companies talking
  • 1:01 - 1:02
    about it
  • 1:02 - 1:04
    thank you thank you for having me on the
  • 1:04 - 1:06
    show today uh zero trust is a very hot
  • 1:06 - 1:08
    topic within the industry
  • 1:08 - 1:10
    and specifically because the industries
  • 1:10 - 1:11
    change and there's a lot more remote
  • 1:11 - 1:12
    work going on
  • 1:12 - 1:15
    so zero trust is a policy where it's
  • 1:15 - 1:18
    important to give least privilege access
  • 1:18 - 1:19
    to
  • 1:19 - 1:20
    all users so that means that you must
  • 1:20 - 1:22
    verify users applications and devices on
  • 1:22 - 1:23
    your network
  • 1:23 - 1:25
    before allowing them to access any
  • 1:25 - 1:27
    assets this is becoming
  • 1:27 - 1:29
    increasingly important because of course
  • 1:29 - 1:30
    network boundaries have changed
  • 1:30 - 1:33
    and people are working from everywhere
  • 1:33 - 1:35
    users and applications are spanning
  • 1:35 - 1:36
    multiple products and services
  • 1:36 - 1:38
    across multiple different locations and
  • 1:38 - 1:41
    it just makes it more and more important
  • 1:41 - 1:43
    to really focus on zero trust and having
  • 1:43 - 1:45
    zero trust policy in place
  • 1:45 - 1:47
    uh there's it's been a huge focus
  • 1:47 - 1:49
    recently because in the recent white
  • 1:49 - 1:51
    house press announcement
  • 1:51 - 1:53
    they've recommended zero trust as a way
  • 1:53 - 1:54
    to secure your networks
  • 1:54 - 1:56
    and nist and the us government have both
  • 1:56 - 1:58
    come out with standards and how to
  • 1:58 - 2:00
    implement zero trust
  • 2:00 - 2:02
    it's a focus here at palo alto networks
  • 2:02 - 2:04
    because we take a very holistic approach
  • 2:04 - 2:06
    at the way we implement zero trust a lot
  • 2:06 - 2:09
    of other companies are looking at ztna
  • 2:09 - 2:11
    or remote access of users as being zero
  • 2:11 - 2:12
    trust
  • 2:12 - 2:14
    but we're focused on the end-to-end
  • 2:14 - 2:16
    strategy of xero trust which spans
  • 2:16 - 2:17
    campus branch
  • 2:17 - 2:19
    remote users of course data centers
  • 2:19 - 2:20
    public private cloud
  • 2:20 - 2:24
    and sas applications thank you brian
  • 2:24 - 2:26
    you know you mentioned that one of the
  • 2:26 - 2:27
    cornerstones of zero trust
  • 2:27 - 2:29
    is to give your users access to all the
  • 2:29 - 2:31
    applications they need
  • 2:31 - 2:33
    with zero trust in mind can you
  • 2:33 - 2:34
    elaborate on that
  • 2:34 - 2:37
    and how does that affect today's reality
  • 2:37 - 2:38
    when we all are working from different
  • 2:38 - 2:39
    locations
  • 2:39 - 2:41
    for example right now i'm working from
  • 2:41 - 2:43
    home and then very soon we're gonna go
  • 2:43 - 2:44
    to the office two days in a week and
  • 2:44 - 2:46
    then few days we'll work from home
  • 2:46 - 2:49
    um and we're moving to this hybrid work
  • 2:49 - 2:50
    environment scenario
  • 2:50 - 2:52
    so what exactly is changing with the way
  • 2:52 - 2:54
    networks are being deployed
  • 2:54 - 2:56
    as the world is moving towards this
  • 2:56 - 2:57
    distributed network
  • 2:57 - 3:00
    system yeah if we go back like five
  • 3:00 - 3:02
    years or maybe even two years or
  • 3:02 - 3:05
    a year and a half everyone was sitting
  • 3:05 - 3:05
    in an
  • 3:05 - 3:08
    office and in that office there'll be a
  • 3:08 - 3:09
    single point of egress for internet
  • 3:09 - 3:11
    and that will have a single security
  • 3:11 - 3:13
    stack so the network was very simple
  • 3:13 - 3:16
    you would have a single source or single
  • 3:16 - 3:18
    active directory that will provide
  • 3:18 - 3:20
    identity of all of your users you would
  • 3:20 - 3:21
    have all the data going through a single
  • 3:21 - 3:22
    point
  • 3:22 - 3:24
    and things were simple at that time
  • 3:24 - 3:26
    today it's much different
  • 3:26 - 3:28
    people are working from home sometimes
  • 3:28 - 3:29
    to office sometimes
  • 3:29 - 3:31
    branches sometimes a coffee shop and
  • 3:31 - 3:32
    with that kind of
  • 3:32 - 3:35
    distributing the workforce applications
  • 3:35 - 3:36
    are spanning
  • 3:36 - 3:38
    all of this all the time and so it just
  • 3:38 - 3:39
    becomes more and more important to have
  • 3:39 - 3:41
    that consistent security experience
  • 3:41 - 3:43
    regardless of what applications you're
  • 3:43 - 3:45
    using and what location
  • 3:45 - 3:48
    absolutely so at palo alto networks
  • 3:48 - 3:49
    especially your team works mainly on
  • 3:49 - 3:51
    identity based capabilities
  • 3:51 - 3:52
    and we've been offering you know
  • 3:52 - 3:55
    user-based security for over a decade
  • 3:55 - 3:57
    how did this affect in particular
  • 3:57 - 3:59
    identity example implementing and
  • 3:59 - 4:01
    maintaining user-based security and
  • 4:01 - 4:03
    authentication
  • 4:03 - 4:06
    yeah that's a great point and if we can
  • 4:06 - 4:07
    go back to
  • 4:07 - 4:10
    the previous example about in the last
  • 4:10 - 4:11
    or two years ago everyone was in a
  • 4:11 - 4:12
    single location
  • 4:12 - 4:15
    now it's that distribution and with that
  • 4:15 - 4:16
    distribution
  • 4:16 - 4:19
    that single microsoft ad server that
  • 4:19 - 4:20
    ninety percent of enterprises across the
  • 4:20 - 4:21
    world
  • 4:21 - 4:23
    we're using is no longer applicable
  • 4:23 - 4:24
    because we have
  • 4:24 - 4:27
    um we have applications that are on-prem
  • 4:27 - 4:29
    we have cloud applications we have users
  • 4:29 - 4:30
    everywhere
  • 4:30 - 4:32
    and so there's a couple trends that are
  • 4:32 - 4:33
    really influencing identity and
  • 4:33 - 4:35
    authentication throughout the network
  • 4:35 - 4:37
    one is of course on-prem and that's your
  • 4:37 - 4:38
    on-premise ad
  • 4:38 - 4:41
    server that is in your network second is
  • 4:41 - 4:43
    something called hybrid identity
  • 4:43 - 4:45
    where you have your on-prem ad but then
  • 4:45 - 4:46
    you also have a cloud service that
  • 4:46 - 4:48
    synchronizes with it
  • 4:48 - 4:49
    so all of your on-prem applications
  • 4:49 - 4:51
    would connect to your on-prem server
  • 4:51 - 4:53
    and all of your cloud applications would
  • 4:53 - 4:55
    connect to the cloud instance of it
  • 4:55 - 4:57
    and that's called hybrid identity and
  • 4:57 - 4:58
    then there's multi-cloud identity
  • 4:58 - 5:00
    which is where you have multiple
  • 5:00 - 5:02
    different cloud-based identity services
  • 5:02 - 5:04
    in typical enterprises today those are
  • 5:04 - 5:06
    all mixed so think about having
  • 5:06 - 5:10
    not just one but two three four possibly
  • 5:10 - 5:11
    even ten sources of identity
  • 5:11 - 5:14
    in a single network absolutely and i can
  • 5:14 - 5:16
    see why that's a challenge
  • 5:16 - 5:18
    so as customers are trying to implement
  • 5:18 - 5:20
    user-based security and implementing
  • 5:20 - 5:21
    authentication whether it's single
  • 5:21 - 5:24
    sign-on or multi-factor authentication
  • 5:24 - 5:26
    using these multiple sources of identity
  • 5:26 - 5:27
    information that you just mentioned
  • 5:27 - 5:29
    whether it's on-prem or cloud id
  • 5:29 - 5:30
    providers
  • 5:30 - 5:33
    what are some of the key challenges that
  • 5:33 - 5:35
    you're seeing that organizations and
  • 5:35 - 5:38
    security teams are facing today yeah so
  • 5:38 - 5:39
    the
  • 5:39 - 5:41
    two key pain points that we're seeing
  • 5:41 - 5:43
    security teams and
  • 5:43 - 5:45
    identity teams really face as they
  • 5:45 - 5:47
    deploy network security today
  • 5:47 - 5:50
    is one is making sure that the right
  • 5:50 - 5:52
    resource has that consistent experience
  • 5:52 - 5:53
    when they come from many different
  • 5:53 - 5:55
    locations so i expect it
  • 5:55 - 5:57
    access apps the exact same way if i'm at
  • 5:57 - 5:59
    home or if i'm in the office
  • 5:59 - 6:00
    or if i'm on my mobile phone in the
  • 6:00 - 6:03
    coffee shop and so that consistency
  • 6:03 - 6:05
    through identity is key the second is
  • 6:05 - 6:07
    just maintaining authentication
  • 6:07 - 6:09
    and so with so many different locations
  • 6:09 - 6:11
    and authentication sources
  • 6:11 - 6:12
    it's how do i make sure i've accessed
  • 6:12 - 6:14
    the right assets at any given time
  • 6:14 - 6:18
    and those are the key problems we see
  • 6:18 - 6:20
    absolutely so you know at palo alto
  • 6:20 - 6:22
    networks our goal is to simplify
  • 6:22 - 6:24
    security for our customers
  • 6:24 - 6:26
    what's palo alto networks doing about
  • 6:26 - 6:28
    this problem and how are we addressing
  • 6:28 - 6:30
    the problem of simplifying user-based
  • 6:30 - 6:31
    security
  • 6:31 - 6:33
    and addressing zero trust for our
  • 6:33 - 6:36
    customers
  • 6:36 - 6:38
    yeah here at palo alto networks uh
  • 6:38 - 6:40
    holistic zero trust approach
  • 6:40 - 6:43
    is top of mind with us we have recently
  • 6:43 - 6:44
    introduced
  • 6:44 - 6:45
    uh cloud identity engine which is a
  • 6:45 - 6:47
    brand new cloud service
  • 6:47 - 6:49
    focused on solving this problem for for
  • 6:49 - 6:52
    the industry and for our customers
  • 6:52 - 6:54
    we focus on two elements identity and
  • 6:54 - 6:55
    simple authentication
  • 6:55 - 6:57
    from our identity point of view what we
  • 6:57 - 6:58
    do is we connect to both
  • 6:58 - 7:01
    on-prem and cloud directory sources we
  • 7:01 - 7:02
    are able to
  • 7:02 - 7:06
    to pull all of the data attributes
  • 7:06 - 7:07
    together in a single source
  • 7:07 - 7:10
    and then serve that to all palo alto
  • 7:10 - 7:10
    products
  • 7:10 - 7:12
    whether it's our firewalls prisma access
  • 7:12 - 7:15
    xdr our management systems
  • 7:15 - 7:17
    and then with all that in a single place
  • 7:17 - 7:19
    we're able to ensure that
  • 7:19 - 7:22
    our consistent security policy is issued
  • 7:22 - 7:24
    and so now i have that exact same
  • 7:24 - 7:25
    experience if i'm at home
  • 7:25 - 7:28
    if i'm in the office or anywhere else in
  • 7:28 - 7:29
    the world
  • 7:29 - 7:31
    i am brian and i have access to my apps
  • 7:31 - 7:33
    and that is what's key here
  • 7:33 - 7:36
    in addition to just the identification
  • 7:36 - 7:38
    we've solved the authentication problem
  • 7:38 - 7:38
    too
  • 7:38 - 7:41
    where there's many different idps out
  • 7:41 - 7:42
    there
  • 7:42 - 7:44
    and those idps need to be configured as
  • 7:44 - 7:47
    an sp for each of my different firewalls
  • 7:47 - 7:47
    and
  • 7:47 - 7:50
    cloud services and so that means that it
  • 7:50 - 7:52
    can take a network administrator
  • 7:52 - 7:55
    or an admin almost almost a month
  • 7:55 - 7:58
    to possibly even a year to configure a
  • 7:58 - 7:59
    single idp on their network
  • 7:59 - 8:02
    that's very painful and time consuming
  • 8:02 - 8:03
    we've reduced that
  • 8:03 - 8:05
    into allowing you to bring a single idp
  • 8:05 - 8:07
    on within 10 minutes
  • 8:07 - 8:09
    and so these are the two ways that we
  • 8:09 - 8:11
    just make the network a lot easier for
  • 8:11 - 8:15
    customers as they migrate to zero trust
  • 8:15 - 8:17
    yeah brian that's really fascinating and
  • 8:17 - 8:19
    i hope our listeners are excited to hear
  • 8:19 - 8:21
    how we're simplifying
  • 8:21 - 8:22
    implementation of identity based
  • 8:22 - 8:24
    security with cloud int engine
  • 8:24 - 8:26
    and by the way did i just hear 10
  • 8:26 - 8:30
    minutes yes 10 minutes from a single idp
  • 8:30 - 8:33
    that's very impressive if you would like
  • 8:33 - 8:34
    to know more about
  • 8:34 - 8:35
    cloud identity engine check out the
  • 8:35 - 8:37
    demos and the technical content that we
  • 8:37 - 8:38
    have
  • 8:38 - 8:40
    you can either google it or use the
  • 8:40 - 8:43
    links in the description below
  • 8:43 - 8:45
    if you have liked the show hit the
  • 8:45 - 8:46
    subscribe button
  • 8:46 - 8:48
    leave a comment and visit palo alto
  • 8:48 - 8:50
    networks dot com
  • 8:50 - 8:56
    thank you
  • 9:00 - 9:02
    you
Title:
Simplifying Zero Trust for User-Based Security
Description:
more » « less
Video Language:
English
Duration:
09:01

English subtitles

Revisions Compare revisions

Our website uses cookies for analysis purposes.